Understanding HTTP Flow with Netmon 3 - By Yuri Diogenes/b/netmon/archive/2007/12/21/understanding-http-flow-with-netmon-3-by-yuri-diogenes.aspx1. Introduction
One of the most common protocols that we need to deal with these days is the HTTP Protocol. This is not only a privilege of Internet users, there are a lot of Intranet users that also use this protocol for internal transactions.
7.x ProductionRE: Understanding HTTP Flow with Netmon 3 - By Yuri Diogeneshttp://blogs.technet.com/b/netmon/archive/2007/12/21/understanding-http-flow-with-netmon-3-by-yuri-diogenes.aspxTue, 05 Aug 2014 00:05:45 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:021bcc99-0ee9-4c93-a463-1601eb96cac4hassan sayed issa200140thanks<img src="http://blogs.technet.com/aggbug.aspx?PostID=2667183&AppID=5282&AppType=Weblog&ContentType=0" width="1" height="1">RE: Understanding HTTP Flow with Netmon 3 - By Yuri Diogeneshttp://blogs.technet.com/b/netmon/archive/2007/12/21/understanding-http-flow-with-netmon-3-by-yuri-diogenes.aspxWed, 04 Jun 2008 12:39:48 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:021bcc99-0ee9-4c93-a463-1601eb96cac4Anonymous0<p>This week's collection of interesting links! Understanding HTTP Flow with Netmon 3 - Interesting article</p>
<img src="http://blogs.technet.com/aggbug.aspx?PostID=2667183&AppID=5282&AppType=Weblog&ContentType=0" width="1" height="1">RE: Understanding HTTP Flow with Netmon 3 - By Yuri Diogeneshttp://blogs.technet.com/b/netmon/archive/2007/12/21/understanding-http-flow-with-netmon-3-by-yuri-diogenes.aspxFri, 28 Mar 2008 03:24:31 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:021bcc99-0ee9-4c93-a463-1601eb96cac4Anonymous0<p>While browsing on the technet portal for details on Netmon drivers for Vista, happened to visit a blog</p>
<img src="http://blogs.technet.com/aggbug.aspx?PostID=2667183&AppID=5282&AppType=Weblog&ContentType=0" width="1" height="1">RE: Understanding HTTP Flow with Netmon 3 - By Yuri Diogeneshttp://blogs.technet.com/b/netmon/archive/2007/12/21/understanding-http-flow-with-netmon-3-by-yuri-diogenes.aspxTue, 29 Jan 2008 08:33:20 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:021bcc99-0ee9-4c93-a463-1601eb96cac4Paul E Long0<p>This is not possible today. We've been looking at this as a feature for future versions of NM, but we have not solid plans to implement this soon.</p>
<p>There are ways of getting this information with Vista and above OS's so we may be able to find a way to leverage those methods with the API available in NM3.2 &nbsp;When we have time to investigate this further we might be able to provide a separate tool to capture local traffic.</p>
<p>Thanks,</p>
<p>Network Monitor Team</p>
<img src="http://blogs.technet.com/aggbug.aspx?PostID=2667183&AppID=5282&AppType=Weblog&ContentType=0" width="1" height="1">RE: Understanding HTTP Flow with Netmon 3 - By Yuri Diogeneshttp://blogs.technet.com/b/netmon/archive/2007/12/21/understanding-http-flow-with-netmon-3-by-yuri-diogenes.aspxTue, 29 Jan 2008 04:43:16 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:021bcc99-0ee9-4c93-a463-1601eb96cac4Tomarenz0<p>Hi, a tricky question: is there any way to sniff packets intramachine ? I mean process-to-process, e.i. when browser and web server are on the same host.</p>
<p>Very useful while developing, as the last chance when things go wrong.</p>
<p>I have XP and MS loopback installed on 192.168.02. but I can't see any packet over there. All flow over the wireless on 192.168.0.3</p>
<p>From net info (e.i. Ethereal world) I understand that I definitely cannot sniff intramachine in the Windows world, but who knows with Netmon ...</p>
<img src="http://blogs.technet.com/aggbug.aspx?PostID=2667183&AppID=5282&AppType=Weblog&ContentType=0" width="1" height="1">RE: Understanding HTTP Flow with Netmon 3 - By Yuri Diogeneshttp://blogs.technet.com/b/netmon/archive/2007/12/21/understanding-http-flow-with-netmon-3-by-yuri-diogenes.aspxTue, 22 Jan 2008 02:10:54 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:021bcc99-0ee9-4c93-a463-1601eb96cac4Paul E Long0<p>You have to modify TCP.NPL and add the port. &nbsp;Please reference this BLOG for more info: <a rel="nofollow" target="_new" href="http://blogs.technet.com/netmon/archive/2006/10/04/NPL-_1320_-The-Power-Behind-the-Parsers.aspx">http://blogs.technet.com/netmon/archive/2006/10/04/NPL-_1320_-The-Power-Behind-the-Parsers.aspx</a>.</p>
<p>Thanks,</p>
<p>Network Monitor Team</p>
<img src="http://blogs.technet.com/aggbug.aspx?PostID=2667183&AppID=5282&AppType=Weblog&ContentType=0" width="1" height="1">RE: Understanding HTTP Flow with Netmon 3 - By Yuri Diogeneshttp://blogs.technet.com/b/netmon/archive/2007/12/21/understanding-http-flow-with-netmon-3-by-yuri-diogenes.aspxMon, 21 Jan 2008 20:06:46 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:021bcc99-0ee9-4c93-a463-1601eb96cac4Tomarenz0<p>Ah, I suspected that. Indeed port is 8180. I tried to spot where I could set it up, no success.</p>
<p>How/where do I add non-standard ports to a protocol ?</p>
<img src="http://blogs.technet.com/aggbug.aspx?PostID=2667183&AppID=5282&AppType=Weblog&ContentType=0" width="1" height="1">RE: Understanding HTTP Flow with Netmon 3 - By Yuri Diogeneshttp://blogs.technet.com/b/netmon/archive/2007/12/21/understanding-http-flow-with-netmon-3-by-yuri-diogenes.aspxSat, 19 Jan 2008 04:44:28 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:021bcc99-0ee9-4c93-a463-1601eb96cac4Paul E Long0<p>What port is the HTTP traffic on? &nbsp;By default the NPL for NM3 uses ports 80 and 8080. &nbsp;But you can add other ports if the app is using a non-standard HTTP port.</p>
<p>Thanks,</p>
<p>Network Monitor Team</p>
<img src="http://blogs.technet.com/aggbug.aspx?PostID=2667183&AppID=5282&AppType=Weblog&ContentType=0" width="1" height="1">RE: Understanding HTTP Flow with Netmon 3 - By Yuri Diogeneshttp://blogs.technet.com/b/netmon/archive/2007/12/21/understanding-http-flow-with-netmon-3-by-yuri-diogenes.aspxFri, 18 Jan 2008 06:55:17 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:021bcc99-0ee9-4c93-a463-1601eb96cac4Tomarenz0<p>Very interesting, but after a sort trial &nbsp;using two hosts with Tomcat and a browser - I was unable to see any HTTP protocol name. Frames were captured, but they are &nbsp;all marked as TCP.</p>
<p>Installation on XP out-of-the-box, no filters. How can I get HTTP frames being properly recognized ?</p>
<p>Thansk.</p>
<img src="http://blogs.technet.com/aggbug.aspx?PostID=2667183&AppID=5282&AppType=Weblog&ContentType=0" width="1" height="1">